Light Dark
September 22, 2016 By Douglas Bonderud 2 min read

Cybercriminals are innovating. New attack vectors — everything from fansmitter information stealing to the rise of smishing — have cybersecurity professionals struggling to keep up. It’s no surprise that many companies are investing heavily in innovation to both protect corporate networks and empower end users.

As noted by SC Magazine, however, a new business innovation study by Ponemon Institute found that efforts to think outside the box and the drive to keep the enterprise safe may be working at odds.

Business Innovation Study Bears Bad News

According to IT Pro Portal, there’s something very wrong with the state of cybersecurity. Despite the best efforts from organizations and IT professionals alike, successful attacks are on the rise. Security spending is expected to hit $170 billion by 2020, and the U.S. plans to shell out $19 billion on cybersecurity research.

Still, cybercrime is up 20 percent year over year. Additionally, 81 percent of health care agencies were compromised last year and ransomware incidents are up 172 percent so far in 2016. This is not good news.

Burning at Both Ends

The Ponemon Institute business innovation study revealed that companies are burning the candle at both ends trying to satisfy the demands for easier access and more direct user control without exposing the organization to undue risk.

Efforts to address the lack of necessary access controls and security safeguards limits the amount of time IT professionals have to innovate. At the same time, prematurely empowering users to manage access rights can open new security gaps.

Put simply, cybersecurity remains the industry’s problem child. More spending hasn’t fixed the issue, and efforts to sidestep the problem have only made it worse.

An Inextricable Link

So what’s the solution to this cybersecurity crisis? The Harvard Business Review pointed to improved executive buy-in. Security professionals must learn to make an effective business case for IT security not as a stopgap measure or cure all, but rather an integral part of a long-term corporate strategy. This nets critical monetary resources and helps shift corporate culture away from reactive defense to more proactive protection.

As noted by Federal Computer Week, meanwhile, efforts to improve cybersecurity may be best served by the recognition that IT modernization, improved security and innovation are inextricably linked. In other words, it’s not enough to give IT professionals free rein to innovate at the cost of security, nor can security budgets override the need for corporate creativity. Instead, the march toward a tech-driven future depends on a combination of these two outcomes. This create a symbiotic relationship that gives IT the room to create without abandoning control.

Ultimately, trying to out-innovate cybercriminals is a losing battle since they don’t contend with corporate culture or C-suite requirements. To achieve any meaningful progress against attackers, companies must create a kind of inextricable link between innovation and security. Where goes the box, so too goes its bulwark.

 |  |  | 
Douglas Bonderud
Freelance Writer

More from

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature